Check Point Software Technologies, a cybersecurity firm based in Israel, has said that the newly discovered crypto-mining malware, KingMiner, is “evolving.”
This was disclosed by the firm's team of researchers, who found that the Monero-mining malware, which first appeared about six months ago, is changing over time to evade detection, even going as far as replacing older versions of itself that it encounters on host machines.
On Thursday, researchers Ido Solomon and Adi Ikan said:
“The malware continuously adds new features and bypass methods to avoid emulation. Mainly, it manipulates the needed files and creates a dependency which is critical during emulation.”
As a result of these tactics, the malware is also being detected by security systems at “significantly” reduced rates.
According to the report, the malware most often targets Microsoft servers (predominantly IIS\SQL), and while it is configured to harness 75 percent of the victim machine’s CPU capacity for mining, it actually uses up the full 100 percent.
To avoid detection, KingMiner also uses a private mining pool, which has its API switched off.
“We have not yet determined which domains are used, as this is also private. However, we can see that the attack is currently widely spread, from Mexico to India, Norway and Israel,” the researchers said.
Moreover, the continuous changes exhibited by the malware prevent it from being detected, and this ability may go on to influence more crypto-mining malware variants in 2019.